Executive Perspectives

The FireEye Advanced Threat Report 2013: European Edition

We recently published the 2013 FireEye Advanced Threat Report during RSA Conference, providing a global overview of the advanced attacks that FireEye discovered last year. We are now drilling that global analysis down into the European threat landscape with our first Regional Advanced Threat Report.

Recent European cyber attacks, like the ones against the European Parliament or LaCie, make it clear that advanced attacks are a becoming a harsh reality in Europe. Motivated by financial and political objectives, threat actors have increased their levels of sophistication to steal personal data and put organizations into non-compliance with user privacy EU directive (2002/58/EC).

The top-line findings from our first Regional Advanced Threat Report are alarming, as we:

  • Recorded over 250 new workstations infected every day
  • Identified more than 90 APT families
  • Observed threats impacting all verticals, particularly the Healthcare, Financial Services and Government verticals

Diving deeper, we saw that the rate of increase in workstation infections skyrocketed in the last four months of 2013. A clear sign of how rapidly threat actors targeting European organizations are evolving, the number of unique infections more than doubled from January to December 2013.

eu1

Figure 1 – Unique Infections Trending over 2013

We also took a look at the distribution of infections amongst European nations and saw a heavily skewed landscape. In particular, Great Britain, Switzerland, Germany and France represented more than 70 percent of infections across 2013, leaving 18 nations to split the remaining 30 percent.

eu2

Figure 2 – Unique Infections by Country

Next, let’s consider which industry verticals in Europe were most targeted by advanced attackers. Threat Actors have been busy targeting high-value organizations that offer rich personal information or intellectual property. The below chart shows the number of infections that occurred in each of the 20 verticals that FireEye tracks around the world. Alarmingly, no industry vertical in Europe was spared and this trend is most likely to continue.

eu3

Figure 3 – Unique Infections by Industry Vertical (Listed from Most-Infected to Least on Right)

Based on the latest Mandiant M-Trends report, the Financial Services vertical accounted for 15 percent of threat actors’ actions on a global basis. In Europe, we saw Financial Services account for 17 percent of attacks, aligning closely to the global statistic. In a stark contrast however, Healthcare/Pharmaceuticals represented 21 percent of infections in Europe compared to the four percent this vertical accounted for globally.

Beyond Infections: Diving Into APT Attacks

When pulling this report together, we saw the notable rise in infection rates and the attacks across verticals, and we also saw strong similarities in how APT attacks targeted European industry verticals. As you can see below, aside from the extraordinary fact that European Federal Governments accounted for a quarter of APT attacks, the Financial Services and Healthcare/Pharmaceutical industries maintained top positions as targets.

eu4

Figure 4 – APT Attacks per Vertical (Listed from Most-Targeted to Least on Right)

This consistency between infections and APT attacks also carried over to the distribution of APT attacks between different countries. As we see below, when it comes to country-by-country analysis, the top-three most impacted in Europe are the UK, Germany and Switzerland – the same top-three infected countries.

eu5

The highest number of APT activity in Europe, by country can be summarized in the following order:

 

     

  1. Germany
  2. United Kingdom
  3. Switzerland
  4. Luxembourg
  5. France
  6. Spain
  7. Norway
  8. Belgium
  9. Finland
  10.  

 

In addition, we found that when measuring the world’s most-targeted nations by number of unique verticals hit by APT attacks, three European nations made the top-ten: France, the UK, and Germany.

UKI52

With such a strong rise in infections and just a couple of industries and countries accounting for a massive number of the attacks carried-out in Europe, we are certainly seeing a change in the threat landscape with this report. And while the situation would seem bleak already, we predict that there is still more time for the European market to strategically get ahead of these advanced attack before they fully mature into a constant threat.

With that time in mind, we recommend the following for European organizations:

 

     

  1. Ensure existing security tools are up to date.  Much commodity malware can be easily addressed with legacy, signature-based tools.
  2. Implement Advanced Threat Protection systems to ensure high value data is safeguarded.
  3. Plan and Implement an Incident Response and Management strategy to close existing security gaps.
  4. Share and collaborate with other entities on emerging cyber threats to optimize your security posture.
  5.  

 

To find out more about the report or how to address these rising issues, come visit the FireEye team at InfoSec UK at Stand J60.